Another Security Flaw Has Been Discovered in Intel’s Management Firmware

There is nothing as disturbing as living with the fear that someone somewhere has remote access to your personal or co-operate computer. That’s like having to survive at the mercies of a kidnapper -but it’s worse because the abductor in question can have accesses to all your bank passwords, your controversial photos and even a direct access to your boss’s email conducts.

Well… here we are not talking about the recently found Intel flaws by the name of Meltdown and Spectre; this is a new flaw that points to Intel’s Management Firmware.

But First, are we Secured from the Fears of Meltdown and Spectre?

So far, there fear around these bugs is slowly dissipating because most stakeholders have taken initiatives to seal the cracks. With the most current fix being Apple’s release of iOS 11.2.2 in update to disarm Spectre (which was said it could allow intruders to run their script remotely on your computer).

About meltdown, previous updates like iOS 11.2, macOS 10.13.2 and tvOS 11.2 are said to have tackled the bug. As in, in summary, Intel, Google, and Amazon also came out very clear to indicate that they were handling the threat.

The New Flaw in Intel Management Firmware

Source: FT

Researchers at F-Secure came up to reveal another, let’s call it a weakness, in Intel’s MT (Management Technology). This flaw could allow a smart attacker with ephemeral physical access to any PC to gain constant remote access to a machine.

Well, fortunately –with the Active Management Technology placed inside 100 million systems by Intel, if the attacker is relatively out “of band range” the user is safe. Nonetheless, that’s not a safe-bed rest on because the person that wants your secured details can be situated in the next room, the next office flow or even in the bathroom of your hotel.

Let’s be clear:

It’s worth being categorical that for the attack facilitated by this flaw to be successful, the “hacker” (let’s call him or her that) must first have contact access to the target computer -to be able to enable “faraway” access from his or her destination.

That is, the flaw makes the computer vulnerable to BIOS passwords bypass, changing of Trusted Platform Module identification numbers, and alteration of BitLocker disk encryption passwords. As in, to some extent, the evil-mind in question must be technical enough (which in most cases they are) to successfully execute the attack.

The Exact Point of the Weakness

If the MEBx (Management Engine BIOS Extension) hasn’t been configured either by the user or by their organization’s IT, the attacker can quickly head over to the configuration settings. Now, using the original Intel’s “admin” (default) password, he can change the password, then enable remote access.

But the craftiest part of all is that the attacker can set the firmware to not bring forth the user’s “opt-in” page but logs in after powering up of the system. Meaning, it’ll never be easy to suspect that something is amiss. “So the attacker will be having distant access every time the PC is on,” the F-Secure’s release noted.

Well, of cause, the above also needs the attacker to insert himself or herself onto the network of the target victim (which is often a no-brainer to hackers because it’s a matter of knowing the network’s IP address and few tricks). It’s worth repeating that the basic step of this attack is physical brief access to the machine. The “evil-maid” (who can be your co-worker, fellow train passenger and so on) can grasp the machine after you’ve left for a short call. And the stressing thing is that the remote access can be beyond wireless networks.

Protecting Yourself

To clear the airwave, Intel clarified that the flaw is not really its fault but it is a case of the PC manufacturers not strictly following the company’s advice while manufacturing the firmware. In simple terms, it has placed the onus on the PC manufactures.

Is it possible to protect yourself? Fortunately yes! and you don’t need to really wait for updates because it’s already there. Intel provided a guideline on best AMT configuring practices late last month to prevent all kinds of AMT-based intrusions on PCs.

Intel has also written a letter through its spokesperson thanking the security research community for alerting the public about the vulnerability but has said that not all computers were exposed. “Most system manufactures configured their system so, no worries, only some did not,” explained the letter.

In other words, the updates released for Intel Management Engine BIOS (MEBx), In November 2017 would help mitigate the flaw.

Comments

comments